Key Policy Considerations  When ImplementingNext-Generation Firewalls        Hosted by:
Agenda• Why next-generation firewalls (NGFWs)?• How to manage NGFW policies in a mixed  environment• NGFW deployment best ...
Today’s PanelistsJosh Karp                        Ben Dimmitt                          Jared BeckDirector, Business Develo...
Understanding Next-Generation          Firewalls
Applications Have Changed;                    Firewalls Have NotThe firewall is the right placeto enforce policy control• ...
Applications Carry RiskApplications can be “threats”               Applications carry threats   • P2P file sharing, tunnel...
The Right Answer:                    Make the Firewall Do Its Job  Next Generation Firewall (NGFW)1. Identify applications...
ID Technologies / Architecture -Transform the Firewall•App-ID™                         •User-ID™•Identify the application ...
Comprehensive View of Applications, Users & Content                                                                   •   ...
Fewer Policies, Greater Control• Very simple, yet very  powerful, control of  applications, users, and  content   10
Unprecedented Levels                     of Enterprise 2.0 Control• Now you can minimize risks, maximize rewards:    -   B...
Managing Next-GenerationFirewall Policies in a Defense-in-         Depth Network
Today’s Network is a Complex MazeWhat’s in Your Network?• Multiple firewall vendors?• Different firewall models?• Numerous...
Network Security Challenges     55.6% of Challenges Lie with Problematic Internal Processes               "What is the gre...
Holistic Visibility of Firewall Policies in       a Defense-in-Depth Setup15
Analyze Firewall Policies              Across the Entire Network• Analyze all possible traffic variations  based on dynami...
Optimize Your Rule Base• Optimize policies by eliminating unused rules or objects, consolidating  similar rules, etc.• Re-...
Assess Firewall Policies for Risk     • Leverage database of industry best-practices and known risks     • Identify and qu...
Simplify Audit and Compliance• Auto-generate  compliance reports• Consolidate compliance  view with device-  specific dril...
Keep Up With ChangesDoes your firewall change process look like this?       • 20-30% of changes are unneeded       • 5% im...
Automate the Firewall Change Workflow                               OptimalRequest    Proactive Risk                    Ve...
AlgoSec Security Management Suite      Business Impact      •   60% reduction in change management costs      •   80% redu...
Managing Firewall Policies Across           Diverse Network Environments More Results. Better Accuracy.• Non-Intrusive• To...
Firewall Policy Management Checklist           Automation that Delivers Security and Operational Value and Helps You:• Mak...
Firewall Management Best  Practices from the Field
Next Generation Firewalls                    and their Applications• Defining, validating, and enforcing access policy  al...
Firewall Management TipsFour Keys:1.   Be diligent in patching your firewalls2.   Regularly monitor configuration3.   Asse...
Firewall Assessment Approach                                 • Firewall Assessment                                       •...
Dimension Data’s Firewall Assurance                 Approach• Firewall Policy and Risk Management:     – Monitor firewall ...
Case Study: Large Financial                        Institution                       Challenge                            ...
Case Study:     Firewall Assessment Sample Content31
Case Study:     Palo Alto Deployment Example32
Q&A and Additional Resources• AlgoSec-Palo Alto Networks Solution Brief  http://media.paloaltonetworks.com/documents/algos...
Upcoming SlideShare
Loading in...5
×

Key Policy Considerations When Implementing Next-Generation Firewalls

1,396

Published on

This presentation examines next-generation firewalls, and provides practical advice on how to effectively and efficiently manage policies in a multi-product and even multi-vendor, defense-in-depth architecture.

By watching this webcast you will learn answers to the following questions:

-What constitutes a next-generation firewall and what problems does it solve?
What are the deployment options for next-generation firewalls?
What do policies in a defense-in-depth architecture look like?
How can you efficiently manage next-generation firewalls AND traditional firewall policies?
And much more

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,396
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
55
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Key Policy Considerations When Implementing Next-Generation Firewalls

  1. 1. Key Policy Considerations When ImplementingNext-Generation Firewalls Hosted by:
  2. 2. Agenda• Why next-generation firewalls (NGFWs)?• How to manage NGFW policies in a mixed environment• NGFW deployment best practices• Examine a real-life use case
  3. 3. Today’s PanelistsJosh Karp Ben Dimmitt Jared BeckDirector, Business Development Sr. Corporate Solutions Specialist Sr. Solutions ArchitectAlgoSec Palo Alto Networks Dimension Data
  4. 4. Understanding Next-Generation Firewalls
  5. 5. Applications Have Changed; Firewalls Have NotThe firewall is the right placeto enforce policy control• Sees all traffic• Defines trust boundaryEnables access via positive control BUT…applications have changed •Ports ≠ Applications •IP Addresses ≠ Users •Packets ≠ Content Need to restore visibility and control in the firewall 5
  6. 6. Applications Carry RiskApplications can be “threats” Applications carry threats • P2P file sharing, tunneling • SANS Top 20 Threats – majority are applications, anonymizers, application-level threats media/videoApplications & application-level threats result in major breaches – Pfizer, VA, US Army 6
  7. 7. The Right Answer: Make the Firewall Do Its Job Next Generation Firewall (NGFW)1. Identify applications regardless of port, protocol, evasive tactic or SSL2. Identify users regardless of IP address3. Protect real-time against threats embedded across applications4. Fine-grained visibility and policy control over application access / functionality5. Multi-gigabit, in-line deployment with no performance degradation 7
  8. 8. ID Technologies / Architecture -Transform the Firewall•App-ID™ •User-ID™•Identify the application •Identify the user•Content-ID™ •SP3 Architecture•Scan the content •Single-Pass Parallel Processing 8
  9. 9. Comprehensive View of Applications, Users & Content • Application Command Center (ACC) – View applications, URLs, threats, data filtering activity • Add/remove filters to achieve desired resultFilter on Facebook-base Filter on Facebook-base Remove Facebook to and user cook expand view of cook 9
  10. 10. Fewer Policies, Greater Control• Very simple, yet very powerful, control of applications, users, and content 10
  11. 11. Unprecedented Levels of Enterprise 2.0 Control• Now you can minimize risks, maximize rewards: - Block bad apps to reduce attack surface - Allow all application functions - Allow, but only certain functions - Allow, but scan to remove threats - Allow, but only for certain users - Allow, but only for certain time periods - Decrypt where appropriate - Shape (QoS) to optimize use of bandwidth …and various combinations of the above 11
  12. 12. Managing Next-GenerationFirewall Policies in a Defense-in- Depth Network
  13. 13. Today’s Network is a Complex MazeWhat’s in Your Network?• Multiple firewall vendors?• Different firewall models?• Numerous firewall types (traditional, NGFW, etc.)?• Vendor-specific firewall management consoles?• Other security devices (routers, SWGs, etc.)?13
  14. 14. Network Security Challenges 55.6% of Challenges Lie with Problematic Internal Processes "What is the greatest challenge when it comes to managing network security devices in your organization?” Tension between IT admin and InfoSec teams, 9.4% Time-consuming manual processes, Error-prone processes 30.0% cause risk, 10.0% Preventing insider threats, 13.3% Poor change Lack of visibility into management network security processes, 15.6% policies, 21.7%Source: State of Network Security, AlgoSec, 201214
  15. 15. Holistic Visibility of Firewall Policies in a Defense-in-Depth Setup15
  16. 16. Analyze Firewall Policies Across the Entire Network• Analyze all possible traffic variations based on dynamic network simulation• Understand the network with topology awareness that accounts for various firewall technologies• Analyze how traffic flows through multiple firewalls• Aggregate findings from firewall groups Use this information to optimize policies, reduce risk and ensure compliance16
  17. 17. Optimize Your Rule Base• Optimize policies by eliminating unused rules or objects, consolidating similar rules, etc.• Re-order rules for optimal firewall performance• Tighten overly permissive rules based on historical usage patterns17
  18. 18. Assess Firewall Policies for Risk • Leverage database of industry best-practices and known risks • Identify and quantify risky rules18
  19. 19. Simplify Audit and Compliance• Auto-generate compliance reports• Consolidate compliance view with device- specific drill downs• Out-of-box regulation support for PCI DSS, SOX, ISO 27001, Basel II, NERC CIP, J-SOX 19
  20. 20. Keep Up With ChangesDoes your firewall change process look like this? • 20-30% of changes are unneeded • 5% implemented incorrectly20
  21. 21. Automate the Firewall Change Workflow OptimalRequest Proactive Risk Verify Correct Audit the ImplementationAnalysis Assessment Execution Change Process Design Recertify Rules Security Operations Operations Measure SLAs Compliance Executive21
  22. 22. AlgoSec Security Management Suite Business Impact • 60% reduction in change management costs • 80% reduction in firewall auditing costs • Improved security posture • Improved troubleshooting and network availability • Improved organizational alignment and accountability22
  23. 23. Managing Firewall Policies Across Diverse Network Environments More Results. Better Accuracy.• Non-Intrusive• Topology-aware analysis• Single device , group, or “matrix” analysis• Patented algorithms analyze all traffic variations• Near real-time change monitoring• Broadest knowledgebase for risk and compliance 23
  24. 24. Firewall Policy Management Checklist Automation that Delivers Security and Operational Value and Helps You:• Make the business more agile• Refocus efforts on more strategic tasks• Minimize misconfigurations/human errors• Ensure continuous compliance• Reduce operational and security costs24
  25. 25. Firewall Management Best Practices from the Field
  26. 26. Next Generation Firewalls and their Applications• Defining, validating, and enforcing access policy allowing the right content at the right time for the right users are critical for the success of an organization’s infrastructure security model.• Organizations need to rethink security strategy at a much higher layer in the OSI model…• Palo Alto Firewalls deployed in one of two ways: • Inline behind current enterprise firewall to augment existing stateful policies as a “Virtual Wire”. Often done to prove out the power of Palo Alto’s AppID and UserID. • Replacement of existing enterprise firewalls through migration. Existing rule bases need to be analyzed and cleaned up before migrating, and AlgoSec ensures a smooth process.26
  27. 27. Firewall Management TipsFour Keys:1. Be diligent in patching your firewalls2. Regularly monitor configuration3. Assess your rule base4. Automate and centralize – Obstacle to effectively managing security controls and network policies is the disparate nature of point products. – Managing firewalls with different configurations and interfaces is cumbersome and prone to human error. – Compliance with regulations requires robust security policies, which requires mapping 1000s of security controls to the required network policies – a daunting and potentially resource-draining task.27
  28. 28. Firewall Assessment Approach • Firewall Assessment • Governance• Ongoing Firewall Management Services • Risk • Monitoring • Compliance • Change Control • Audit • Workshops • Policies and Procedure Review/Design • Implementation Services • Product Integration • Firewall Design • Network segmentation 28
  29. 29. Dimension Data’s Firewall Assurance Approach• Firewall Policy and Risk Management: – Monitor firewall policy changes, report them in real time and maintaining a comprehensive, accurate audit trail for full accountability – Provide analysis and clean-up of complex rule bases and objects to eliminate potential security breaches and improve performance – Perform powerful simulation and risk analysis to identify potential security risks, ensure compliance with organizational security standards, and prevent service interruptions• Firewall Threat Management: – Provide regulatory compliance validation and auditing – Perform rule-based egress and regress testing – Signature development and fine-tuning – Advanced penetration testing – Application protocol and threat traffic scanning29
  30. 30. Case Study: Large Financial Institution Challenge Business Impact• Public banking security breaches raised concerns • The business was susceptible to a security breach about security posture and compliance status • Non-compliance to audit requirements could result in financial penaltiesDimension Data Solution Benefits• Able to perform firewall assessment using AlgoSec • Compliance audit requirements are met consistently to determine strength of existing firewall policies • Ability to report accurately on security posture• Deployed Palo Alto 5060 firewalls to protect critical • Processes and systems ensure proactive and effective infrastructure management of security infrastructure • System and process automation lowers TCO 30
  31. 31. Case Study: Firewall Assessment Sample Content31
  32. 32. Case Study: Palo Alto Deployment Example32
  33. 33. Q&A and Additional Resources• AlgoSec-Palo Alto Networks Solution Brief http://media.paloaltonetworks.com/documents/algosec.pdf• Case Studies – AlgoSec: http://www.algosec.com/en/customers/testimonials – Palo Alto Networks: http://www.paloaltonetworks.com/literature/customers/Reed-Customer-Video.html• AlgoSec Security Management Suite Evaluation AlgoSec.com/eval
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×